
Warning: SailPoint Patched A Critical Vulnerability, CVE-2024-10905, In IdentityIQ, Patch Immediately!

Reference: 
Advisory #2024-286
Version: 
1.0
Affected software: 
SailPoint IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2
SailPoint IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5
SailPoint IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8
All versions of SailPoint IdentityIQ prior to 8.2
Type: 
Improper Access Control Vulnerability
CVE/CVSS: 

CVE-2024-10905: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

SailPoint: https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905

Risks

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software. It allows an attacker to retrieve files from the application directory that should not be reachable over HTTP/HTTPS, leading to potential exposure of sensitive data.

The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, the maximum severity. The score was calculated and assigned by SailPoint Technologies. Its vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) means the flaw is reachable over the network, is easy to exploit, and requires neither privileges nor user interaction. The 8.2, 8.3 and 8.4 branches are affected, as are all earlier versions.

SailPoint released e-fixes (emergency fixes) for each impacted and supported version of IdentityIQ.

Description

The vulnerability stems from improper access controls within IdentityIQ. Vulnerable versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

An attacker who can reach the application over HTTP/HTTPS can therefore retrieve that content without authenticating. Depending on what is deployed under the application directory, this could include configuration files, application code, and potentially data belonging to users of the system.

The following IdentityIQ versions are affected:

  • IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2
  • IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5
  • IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8
  • All versions of IdentityIQ prior to 8.2

Vendor Advisory: https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable installations with the highest priority, after thorough testing.

SailPoint has released e-fixes to address this vulnerability for all supported versions of IdentityIQ. Organizations using any of the affected versions are strongly urged to apply these patches immediately.

e-fixes: https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-Improper-Access-Control-Vulnerability/ba-p/261409

Monitor/Detect

The CCB recommends that organizations increase their monitoring and detection capabilities to identify any related suspicious activity, so that they can respond swiftly in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.

Patching software or appliances to the fixed version protects against future exploitation, but it does not remediate a compromise that has already taken place. Review access logs from the period before the e-fix was applied for signs of exploitation.
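The following script is an added example, not part of the CCB advisory or of SailPoint's e-fix. It shows one way to look back through web-server access logs for direct fetches of protected static content under the IdentityIQ context, which is the class of request this vulnerability permits. The context path /identityiq, the WEB-INF/META-INF and file-extension heuristics, and the log lines are all constructed assumptions for illustration; SailPoint has not published the exact paths involved, so treat hits as leads to verify rather than confirmed exploitation. The path normalization mirrors what a servlet container does (percent-decoding, ';' path parameters, '..' collapsing) so that encoded traversal attempts resolve to the file they actually targeted.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Context path under which IdentityIQ is deployed. Assumption: the default
# "/identityiq"; change it to match your deployment.
CONTEXT_PATH = "/identityiq"

# Heuristics for content a Java web application should never serve directly.
# Generic servlet-container conventions chosen for this example, not the
# specific paths referenced by the vendor advisory.
PROTECTED_DIRS = ("/WEB-INF/", "/META-INF/")
SENSITIVE_EXT = (".xml", ".properties", ".jar", ".class", ".jks", ".keystore")

# Apache/Tomcat "combined"-style access log: client, identd, user, timestamp,
# request line, status, size. Referer/User-Agent may follow and are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def normalize_path(target):
    """Resolve the request target the way a servlet container would: drop the
    query string, percent-decode twice (double encoding), strip ';' path
    parameters, and collapse '.' and '..' segments."""
    path = target.split("?", 1)[0]
    path = unquote(unquote(path)).replace("\\", "/")
    parts = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def classify(path):
    """Return a reason string if the normalized path is a direct fetch of
    protected static content under the IdentityIQ context, else None."""
    if not path.startswith(CONTEXT_PATH + "/"):
        return None
    upper = path.upper()
    for d in PROTECTED_DIRS:
        if d in upper:
            return "protected directory " + d.strip("/")
    lower = path.lower()
    for ext in SENSITIVE_EXT:
        if lower.endswith(ext):
            return "sensitive extension " + ext
    return None


def triage(lines):
    """One finding per suspicious request. 'served' is True only for HTTP 200,
    i.e. the content actually left the server; other statuses are attempts."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = normalize_path(rec["target"])
        reason = classify(path)
        if reason is None:
            continue
        findings.append({
            "ip": rec["ip"], "ts": rec["ts"], "raw": rec["target"],
            "path": path, "status": rec["status"],
            "served": rec["status"] == 200, "reason": reason,
        })
    return findings


def by_source(findings):
    """Count successful (served) fetches per client address."""
    return Counter(f["ip"] for f in findings if f["served"])


# Constructed sample lines (documentation addresses, fictitious file names).
SAMPLE_LOG = """\
203.0.113.10 - - [04/Dec/2024:09:12:01 +0100] "GET /identityiq/home.jsf HTTP/1.1" 200 18244
203.0.113.10 - - [04/Dec/2024:09:12:02 +0100] "GET /identityiq/ui/css/app.css HTTP/1.1" 200 51200
198.51.100.7 - - [04/Dec/2024:09:40:11 +0100] "GET /identityiq/WEB-INF/web.xml HTTP/1.1" 200 9120
198.51.100.7 - - [04/Dec/2024:09:40:13 +0100] "GET /identityiq/ui/js/%2e%2e/%2e%2e/WEB-INF/classes/app.properties HTTP/1.1" 200 2048
198.51.100.7 - - [04/Dec/2024:09:40:15 +0100] "GET /identityiq/WEB-INF/lib/app.jar HTTP/1.1" 404 612
192.0.2.25 - - [04/Dec/2024:10:02:40 +0100] "GET /otherapp/WEB-INF/web.xml HTTP/1.1" 200 300
""".splitlines()

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        flag = "SERVED " if h["served"] else "attempt"
        print(f'{flag} {h["ip"]} {h["ts"]} {h["raw"]} -> {h["path"]} ({h["reason"]})')
    print("served fetches per source:", dict(by_source(hits)))
```

Run it against the real access logs of the servlet container or reverse proxy in front of IdentityIQ (replace SAMPLE_LOG with the file's lines). A 200 on a WEB-INF path is the signal that matters; 403/404 entries still indicate scanning from that source and are worth correlating with other logs.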

References

SecurityOnline: https://securityonline.info/cve-2024-10905-cvss-10-critical-vulnerability-in-sailpoint-identityiq-exposes-sensitive-data/
TheHackerNews: https://thehackernews.com/2024/12/critical-sailpoint-identityiq.html